Vulnerabilities > Codeasily > Grand Flagallery
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-28 | CVE-2021-24903 | Cross-site Scripting vulnerability in Codeasily Grand Flagallery The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. | 3.5 |
| 2017-10-18 | CVE-2014-8491 | Information Exposure vulnerability in Codeasily Grand Flagallery 1.56 The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php. | 5.0 |
| 2014-10-01 | CVE-2011-4624 | Cross-Site Scripting vulnerability in Codeasily Grand Flagallery 1.56 Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | 4.3 |